
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Fedora 39 Redis 7.2.2 Security Notice: Severe Unix Socket Exploit

Fedora Update Notification
FEDORA-2023-fd75e4f307
2023-11-03 18:20:20.955534

Name : redis
Product : Fedora 39
Version : 7.2.2
Release : 1.fc39
URL : https://redis.io
Summary : A persistent key-value database
Description : Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set intersection, union and difference; or getting the member with highest ranking in a sorted set. In order to achieve its outstanding performance, Redis works with an in-memory dataset. Depending on your use case, you can persist it either by dumping the dataset to disk every once in a while, or by appending each command to a log. Redis also supports trivial-to-setup master-slave replication, with very fast non-blocking first synchronization, auto-reconnection on net split and so forth. Other features include Transactions, Pub/Sub, Lua scripting, Keys with a limited time-to-live, and configuration settings to make Redis behave like a cache. You can use Redis from most programming languages also.

Update Information:

**Redis 7.2.2** Released Wed 18 Oct 2023 10:33:40 IDT

Upgrade urgency SECURITY: See security fixes below.

Security fixes

* (**CVE-2023-45145**) The wrong order of listen(2) and chmod(2) calls creates a race condition that can be used by another process to bypass desired Unix socket permissions on startup.

Bug fixes

* WAITAOF could timeout in the absence of write traffic in case a new AOF is created and an AOF rewrite can't immediately start (#12620)

Redis cluster

* Fix crash when running rebalance command in a mixed cluster of 7.0 and 7.2 nodes (#12604)
* Fix the return type of the slot number in cluster shards to integer, which makes it consistent with past behavior (#12561)
* Fix CLUSTER commands are called from modules or scripts to return TLS info appropriately (#12569)

Changes in CLI tools

* redis-cli, fix crash on reconnect when in SUBSCRIBE mode (#12571)

Module API changes

* Fix overflow calculation for next timer event (#12474)

ChangeLog:

* Wed Oct 18 2023 Remi Collet - 7.2.2-1
  - Upstream 7.2.2 release

References:

[ 1 ] Bug #2244940 - CVE-2023-45145 redis: possible bypass of Unix socket permissions on startup
https://bugzilla.redhat.com/show_bug.cgi?id=2244940

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-fd75e4f307' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

package-announce mailing list
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

Immediate action required for Redis 7.2.2 on Fedora 39 due to crucial security patch addressing Unix socket access rights.

Fedora Updates, Unix Socket Bypass, Redis Security Fix.

Severity: Critical.

LinuxSecurity.com Team

Nov 03, 2023 Critical Fedora

Fedora 38: 2023-77ed1e26a4 Moderate: Redis Socket Permission Bypass

Fedora Update Notification
FEDORA-2023-77ed1e26a4
2023-10-27 01:26:10.649952

Name : redis
Product : Fedora 38
Version : 7.0.14
Release : 1.fc38
URL : https://redis.io
Summary : A persistent key-value database
Description : Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set intersection, union and difference; or getting the member with highest ranking in a sorted set. In order to achieve its outstanding performance, Redis works with an in-memory dataset. Depending on your use case, you can persist it either by dumping the dataset to disk every once in a while, or by appending each command to a log. Redis also supports trivial-to-setup master-slave replication, with very fast non-blocking first synchronization, auto-reconnection on net split and so forth. Other features include Transactions, Pub/Sub, Lua scripting, Keys with a limited time-to-live, and configuration settings to make Redis behave like a cache. You can use Redis from most programming languages also.

Update Information:

**Redis 7.0.14** Released Wed 18 Oct 2023 10:33:40 IDT

Upgrade urgency SECURITY: See security fixes below.

Security fixes

* (**CVE-2023-45145**) The wrong order of listen(2) and chmod(2) calls creates a race condition that can be used by another process to bypass desired Unix socket permissions on startup.

ChangeLog:

* Wed Oct 18 2023 Remi Collet - 7.0.14-1
  - Upstream 7.0.14 release

References:

[ 1 ] Bug #2244940 - CVE-2023-45145 redis: possible bypass of Unix socket permissions on startup
https://bugzilla.redhat.com/show_bug.cgi?id=2244940

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-77ed1e26a4' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

Crucial patch released for Redis on CentOS resolves threading conflict to avert Unix socket access violations.

Redis Update, Fedora 38 Security, Unix Socket Permissions, Race Condition, Redis Security Fix.

LinuxSecurity.com Team

Oct 27, 2023 Fedora

Fedora 37: FEDORA-2023-8a9087f089 Critical Redis Race Condition

Fedora Update Notification
FEDORA-2023-8a9087f089
2023-10-27 01:10:52.863778

Name : redis
Product : Fedora 37
Version : 7.0.14
Release : 1.fc37
URL : https://redis.io
Summary : A persistent key-value database
Description : Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set intersection, union and difference; or getting the member with highest ranking in a sorted set. In order to achieve its outstanding performance, Redis works with an in-memory dataset. Depending on your use case, you can persist it either by dumping the dataset to disk every once in a while, or by appending each command to a log. Redis also supports trivial-to-setup master-slave replication, with very fast non-blocking first synchronization, auto-reconnection on net split and so forth. Other features include Transactions, Pub/Sub, Lua scripting, Keys with a limited time-to-live, and configuration settings to make Redis behave like a cache. You can use Redis from most programming languages also.

Update Information:

**Redis 7.0.14** Released Wed 18 Oct 2023 10:33:40 IDT

Upgrade urgency SECURITY: See security fixes below.

Security fixes

* (**CVE-2023-45145**) The wrong order of listen(2) and chmod(2) calls creates a race condition that can be used by another process to bypass desired Unix socket permissions on startup.

ChangeLog:

* Wed Oct 18 2023 Remi Collet - 7.0.14-1
  - Upstream 7.0.14 release

References:

[ 1 ] Bug #2244940 - CVE-2023-45145 redis: possible bypass of Unix socket permissions on startup
https://bugzilla.redhat.com/show_bug.cgi?id=2244940

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-8a9087f089' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

Crucial security patch released for Redis 7.0.14 on Fedora, rectifying severe race condition that allows evasion of socket access controls.

Fedora Update, Redis Security, Unix Socket, Patch Release.

Severity: Critical.

LinuxSecurity.com Team

Oct 27, 2023 Critical Fedora

Fedora 35: FEDORA-2022-602ab9d4cc moderate: pcs ruby socket permissions

Fedora Update Notification
FEDORA-2022-602ab9d4cc
2022-09-17 01:54:03.901964

Name : pcs
Product : Fedora 35
Version : 0.10.14
Release : 2.fc35
URL : https://github.com/ClusterLabs/pcs
Summary : Pacemaker Configuration System
Description : pcs is a corosync and pacemaker configuration tool. It permits users to easily view, modify and create pacemaker based clusters.

Update Information:

- Fixed ruby socket permissions

ChangeLog:

* Thu Sep 8 2022 Miroslav Lisik - 0.10.14-2
  - Fixed ruby socket permissions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-602ab9d4cc' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

Fedora 35 has released an update addressing a critical issue with ruby socket permissions in pcs. This update is expected to enhance both security and overall performance.

Fedora Update, Ruby Permissions, pcs, Corosync, Pacemaker.

LinuxSecurity.com Team

Sep 16, 2022 Fedora

Fedora 37 pcs Update 2022-84d52a8db7: Ruby Socket Permissions Fix

Fedora Update Notification
FEDORA-2022-84d52a8db7
2022-09-17 00:15:37.535257

Name : pcs
Product : Fedora 37
Version : 0.11.3
Release : 4.fc37
URL : https://github.com/ClusterLabs/pcs
Summary : Pacemaker Configuration System
Description : pcs is a corosync and pacemaker configuration tool. It permits users to easily view, modify and create pacemaker based clusters.

Update Information:

Fixed ruby socket permissions

ChangeLog:

* Wed Sep 7 2022 Miroslav Lisik - 0.11.3-4
  - Fixed ruby socket permissions
  - Resolves: rhbz#2123389

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-84d52a8db7' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

A critical Fedora 37 update for pcs fixes Ruby socket permissions, boosting security and functionality in cluster management tasks.

Fedora Update, pcs Configuration, Ruby Socket Permissions.

LinuxSecurity.com Team

Sep 16, 2022 Fedora

Debian 8: DLA-2122-1 Moderate: libusbmuxd Socket Permissions Issue

Package : libusbmuxd
Version : 1.0.9-1+deb8u1
CVE ID : CVE-2016-5104
Debian Bug : 825554

It was discovered that libusbmuxd incorrectly handled socket permissions. A remote attacker could use this issue to access services on iOS devices, contrary to expectations.

For Debian 8 "Jessie", this problem has been fixed in version 1.0.9-1+deb8u1.

We recommend that you upgrade your libusbmuxd packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

The file access rights flaw in libusbmuxd version 1.0.9-1+deb8u1 affects Debian LTS installations significantly.

libusbmuxd, Debian security, socket permissions, remote attacker.

LinuxSecurity.com Team

Feb 27, 2020 Debian LTS

Debian 8: DLA-2121-1 Critical: libimobiledevice Socket Access Issue

Package : libimobiledevice
Version : 1.1.6+dfsg-3.1+deb8u1
CVE ID : CVE-2016-5104
Debian Bug : 825553

It was discovered that libimobiledevice incorrectly handled socket permissions. A remote attacker could use this issue to access services on iOS devices, contrary to expectations.

For Debian 8 "Jessie", this problem has been fixed in version 1.1.6+dfsg-3.1+deb8u1.

We recommend that you upgrade your libimobiledevice packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

An important security patch for libimobiledevice resolves socket access problems and potential remote exploitation vulnerabilities in Debian 8.

libimobiledevice update, Debian security patch, remote access security, socket permissions fix.

Severity: Critical.

LinuxSecurity.com Team

Feb 27, 2020 Critical Debian LTS

Ubuntu 15.10 USN-2809-1 Moderate: LXD Privilege Escalation

Ubuntu Security Notice USN-2809-1
November 12, 2015

lxd vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 15.10

Summary:

LXD could be made to run programs as an administrator.

Software Description:

- lxd: Container hypervisor based on LXC

Details:

Jeroen Simonetti discovered that LXD incorrectly set socket permissions. A local attacker could use this issue to escalate privileges.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.10:
lxd 0.20-0ubuntu4.1

In general, a standard system update will make all the necessary changes.

References:

https://ubuntu.com/security/notices/USN-2809-1
https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1515689

Package Information:

https://launchpad.net/ubuntu/+source/lxd/0.20-0ubuntu4.1

LXD security flaw in Ubuntu 15.10 permits local adversaries to gain elevated privileges through improperly set socket permissions.

LXD Privilege Escalation, Ubuntu Upgrade, Security Notice.

LinuxSecurity.com Team

Nov 12, 2015 Ubuntu